Secure comms ride Internet stealth channel

Portland, Ore. -- A secret communications channel hidden beneath the noise floor of existing Internet public fiber-optic networks could serve as a conduit for uncrackable data transmission, electrical engineers from Princeton University said last week. Even the presence of data in the stealth channel is hidden; it's impossible to know that anything is being transmitted.

At the Optical Society of America's annual meeting in Rochester, N.Y., the EEs reported on their design for a physical-layer modification that hides a secure communications channel amid the clamor of public traffic. The technique could cheaply retrofit the existing Internet with a mechanism for secure transmission of confidential and sensitive data, the researchers said.

"We hide a stealth channel beneath the normal channel's noise floor, but our approach only works when there is a lot of public traffic, as there is on the Internet," said Princeton's Bernard Wu. "I don't know why no one has proposed a stealth channel before; all the components are readily available." Wu developed the idea with EE professor Evgenii Narimanov under a grant from the Defense Advanced Research Projects Agency.

Experimenters have been applying the spread-spectrum principles of code-division multiple access to optical data transmissions for more than a decade, but only to maximize channel utilization, never before to create a stealth channel. The Princeton technique works by executing the CDMA algorithm using optical components instead of electronics.

Darpa is interested because no conventional encryption techniques, even quantum encryption, hide the very presence of data; rather, they leave the encrypted data in a public channel and depend on the difficulty of eavesdropping or the length of an encryption key to safeguard it. But the stealth channel buries the message below the optical noise of the public network, so it's undetectable at the physical layer.

"Our security is much higher than encryption, because we are changing the physical layer of the network in a way that will be undetectable and yet will carry a stealth channel within it," said Wu. "We are not even giving eavesdroppers a chance to try decoding our data."

First, a diffraction grating separates the stealth message into frequency components. Then a phase mask--made from an optical modulator--spreads the signal out in time, thus slowing the data rate of the stealth channel from the normal 2.5 Gbits/second to about 600 Mbits/s. At that speed, the bit-error rate and the security levels can be tuned independently of Internet traffic with optically adjustable parameters.

"We can tune both the error rates of the stealth channel and the degree of security," said Wu. "By controlling the input power and the code length, we can adjust the amount of time spreading."

The frequency spectrum of the hidden channel is calculated to be the same as that of the normal Internet traffic, making it impossible to use a filter to detect the presence of the hidden channel. The receiver, however, uses a matched filter, which executes the conjugate reassembly of the frequency components so that a second diffraction grating can reconstruct the original stealth message.

"The matched filter greatly amplifies our signal by adding up the energy from all over the spectrum, while leaving the noise floor the same," said Wu.

All the components are available commercially, so next the EEs are aiming to demonstrate a real working prototype of a 600-Mbit/s stealth channel hidden underneath a 2.5-Gbit/s optical channel carrying normal traffic. They already have the components set up using off- the-shelf diffraction gratings, with commercial optical modulators for the phase mask encoders and decoders. Under their Darpa contract, Wu and Narimanov are due to report their progress with the prototype in mid-2007.

"We are hoping to demonstrate a prototype that companies could use as a starting point for a matched set of encoder- decoders," said Wu. "Our main intent will be to prove that it really works like our simulations say it will, so our first prototype will leave many ways to optimize the design for potential commercial devices."

If the prototype proves successful, implementation in real fiber-optic networks would be a matter of integrating the optical components into existing Internet backbones.